Although mainstream media coverage of the massive Solarwinds hack seems to indicate the danger is over, the sophisticated hackers may still be hiding in plain sight.
Microsoft recently uncovered at least three strands of malware deployed by the alleged Russian hackers. This new revelation raises alarms across industries that the Solarwinds attacks may not be over. The question business professionals need to be answered is whether their network has been breached and if cybercriminals are actively copying and selling digital assets on the dark web.
Highly skilled cybercriminals reportedly penetrated a Solarwinds system known as “Orion.” These stealth hackers managed to insert malicious code into its software products that were inadvertently dispersed to the outfit’s 33,000 customers in the form of updates.
This code created secret backdoors that allow digital thieves and spies to infiltrate wide-reaching networks, including government agencies such as the Department of Homeland Security and Treasury Department, among others. The so-called Solarwinds attacks were not limited to government targets. Malicious code has been identified in private sector organizations, and the full breadth of the cyberattacks remains unknown.
So pervasive and potentially destructive is the Solarwinds attack that congress held hearings to get a handle on its business and national security implications. Under intense questioning by lawmakers, an official from the Solarwinds reportedly blamed the breach on an intern who ignored the corporation’s cybersecurity protocols. According to news reports, the intern used the weak password “solarwinds123” and posted it online. Cybersecurity experts attribute upwards of 95 percent of breaches to human error.
To say the attacks blindsided private businesses and government agencies would be something of an understatement. Government-vetted firms such as FireEye were compromised due to the sophisticated methods used to hide the malicious code in software updates. The widespread embarrassment from organizations previously considered among the most secure has led many to believe critical information continues to be withheld. Much of the information released about the devastating breaches fails to identify the organizations that have been breached.
On the one hand, working with Solarwinds as a vendor or customer does not necessarily mean that an organization suffered a breach. But by that same token, the supply chain nature of the cyber-attack suggests that outfits outside direct Orion software users could be infected right now. That’s largely because congressional hearings and investigative reports indicate the hackers possess heightened skills, appear well-funded, and demonstrate a determination to hide in networks as long as possible to pilfer off digital assets and valuable personal data. Solarwinds appears to be an ongoing cybersecurity nightmare that should worry industry leaders.
As Microsoft and others continue to ferret out malicious strands of code, cybersecurity responses are being developed. Industry leaders who are concerned their organization may have been compromised enjoy access to open-sourced CodeQL queries. These are being rolled out by Microsoft to investigate incidents of Solarwinds Orion Malware laying hidden in networks.
Microsoft offers concerned parties free access to its cybersecurity software that was crafted to hunt down this malware. Decision-makers would also be wise to take the following proactive measures to ensure the integrity of their digital assets.
The Solarwinds attack highlights how clever, well-financed hackers can infiltrate seemingly impenetrable defenses such as the Department of Homeland Security. That’s why it’s essential for organizations to harden their cybersecurity defenses and deter emerging threats. However, the average business with even sound cybersecurity protections in place was no match for these Russian hackers. If you are concerned your network has been compromised through the Solawinds supply chain or by other threat actors, contact a cybersecurity expert and have your system analyzed and penetration tested.
Thanks for helping us upgrade our Macs and get them working exactly as our business needs! Fast, convenient and very knowledgeable! You’re the best!
Alary Technologies has been our IT support team for the past year at the START Clinic for Mood and Anxiety Disorders. They have done a excellent job in upgrading our system, organization, and supporting us in technical computer matters. Compared to other IT companies we have worked with, Alary Technologies comes on top. Ahmed Kufaishi the Managing Director at Alary Technologies is solution focused, knowledgeable and makes an effort to really understand his clients’ needs. It has been a pleasure to work with Ahmed and Alary Technologies. I would recommend their services to other companies and clinics.
“We continue to work with Alary Technologies due to the fact that they are quite educated and knowledge based with current upgrades, and their commitment to their customers.”
Ahmed has been providing our company with expert IT services for close to 3 years. He has guided us through hardware upgrades, server back up procedures and was instrumental in brokering a custom software program that fully automated some key functions in our business. Ahmed has always been thoroughly professional in all his dealings with us and has provided consistent and sound advise for all of our IT requirements. We consider Ahmed and Alary Technologies to be an important partner for our business.
It is refreshing to work with someone who can organize things and describe in plain language. I have a large and growing knowledge base for my work as an architect. I have realized that I can’t do everything, that I do need a team member who can look after this one relatively small by crucial part of my practice.